Looking to reach us via XMPP? Check out the new PidginChat service!

cve-2014-0020-00

Summary Remotely triggerable crash in IRC argument parsing
Date 2014-01-28
CVE Number CVE-2014-0020
Discovered By Daniel Atallah
Fixed In Release 2.10.8

Description

A malicious server or man-in-the-middle could trigger a crash in libpurple by sending a message with fewer than expected arguments.

Mitigation

Verify that incoming messages contain the appropriate number of arguments before handling them.